How to secure information systems?
Solution
Answer:
Information security:
Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized
access, use, disclosure, disruption, modification, inspection, recording or destruction of
information. It is a general term that can be used regardless of the form the data may take (e.g.
electronic, physical).
Since the advent of the internet and the increased expansion of computer-based technology in
today's corporations, information security breaches have increased at an alarming rate. While
businesses take a more cautious approach to how they handle IT security threats, these are
becoming increasingly complex and sophisticated. Denial-of-service attacks, software tampering
(e.g. Trojan horses and computer viruses) and social engineering techniques (e.g. phishing) are
some examples becoming prevalent. While we oftentimes hear of the more widely publicized
embezzlement, money laundering, burglary and bribery statistics, data has shown that companies
have seen greater losses attributed to information security breaches.
One of the most effective ways to prevent criminals from accessing and compromising
confidential company information is to implement an effective information security plan and
properly train firm employees accessing the system. Additionally, companies should engage
a dynamic and independent third-party auditor to frequently test the adequacy of their security
system. Lastly, key responsibilities within the information security chain should be segregated
and rotated frequently. If companies follow these three basic tenets, they will be one step closer
to the effective security of their information.
Threats to Information Systems:
Information security threats come in many different forms. Some of the most common threats
today are software attacks, theft of intellectual property, identity theft, theft of equipment or
information, sabotage, and information infiltration. Some of the most prevalent types of data
infiltration include input manipulation, program manipulation, data input manipulation, data
stealing, and outright sabotage. The most frequent type associated with this form of fraud is
manipulation of the data. It is the most common because it requires the least amount of skill
from the criminal.
Most people have experienced software attacks of some sort. Viruses, worms, phishing
attacks, and Trojan horses are a few common examples of software attacks. Governments,
military, corporations, financial institutions, hospitals and private businesses amass a great deal
of confidential information about their employees, customers, products, research and financial
status. Most of this information is now collected, processed and stored on electronic computers
and transmitted across networks to other computers.
Implementing an Information Security System:
With so many different ways and so much potential for breaches to information security
systems, companies must establish a control system to strengthen the security of their information.
There are seven basic tenets that help strengthen the security of company information systems.
The following seven procedures are imperative to establishing an effective information security
system:
1. Educating employees
2. Establishing quality internal controls
3. Establishing a board of directors and its appointees
4. Establishing a compliant system
5. Establishing an independent audit of the system
6. Developing a structure of accountability
7. Establishing a budget for the information security system
The Future of Information Security:
The days of “basic firewalls” and basic detection systems to secure information are over.
Viruses, manipulation of data, phishing scams, and even Trojan Horses are just some of the
threats facing information security systems today. In spite of the financial restrictions facing
companies in the present economic environment, information security is not a place that leaves
room to cut corners. Information is one of a company's most precious assets. Security threats to
information systems can have adverse effects on the reputation, status, and overall viability of a
business. Therefore, companies must ensure that they implement an information security system
that is accountable, verifiable, and as dynamic as the business environment in which they seek a
competitive advantage. Those companies that abandon the security of their information will
inevitably find themselves at a decided disadvantage to their competitors.